Welcome to #WeekendWisdom number 38. This week we’re going to talk about shadow IT.
What is shadow IT?
It’s basically where staff, volunteers or contractors in an organisation use a technology that the organisation has no control over, no sight of and is unaware of. Here are three examples:
Used for risky Internet access
One would be where staff use their mobile phones as an internet hotspot to access the internet unrestricted, through their phone rather than through, say, a tightly controlled firewall on their local network. The risk here is that they may be able to access sites that may bring malware into the network, and effectively they’re bridging the insecure internet to your local network.
USB memory sticks – burn them with fire
There are always risks as well associated with the use of USB memory sticks that people pick up at conferences and things like that, with no idea where they’re coming from or what’s on them. So there’s always been a risk around those.
Cloud Storage – it’s only as secure as you can make it
Finally, if staff were to use personal cloud storage services like Dropbox, Google Drive or an Amazon S3 bucket and the organisation is unaware of that, it doesn’t know how well secured those platforms are. It doesn’t know whether the data could potentially be breached from those cloud storage services. So there is a risk there.
What’s the real problem that Shadow IT creates?
With all these technologies, the main risk is in fact that they’re probably going to give you a breach of the GDPR, in that you’re not in control of your IT security.
So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.
How can L2 Cyber Security help you?
We can conduct an audit on your infrastructure and look for signs of Shadow IT. When we find it, we can provide guidance on how to remediate it to everyone’s satisfaction.
We offer a full range of training programmes, which can be delivered online or in-person*.
L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.
Contact us for more information at info@L2CyberSecurity.com.
*With appropriate social distancing and other health and safety measures adhered to.